-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/74676/#review225925
-----------------------------------------------------------

Ship it!

Ship It!

- Radhika Kundam


On Oct. 27, 2023, 10:50 a.m., Disha Talreja wrote:
>
> -----------------------------------------------------------
> This is an automatically generated e-mail. To reply, visit:
> https://reviews.apache.org/r/74676/
> -----------------------------------------------------------
>
> (Updated Oct. 27, 2023, 10:50 a.m.)
>
>
> Review request for atlas, Jayendra Parab, Radhika Kundam, and Sidharth Mishra.
>
>
> Bugs: ATLAS-4801
>     https://issues.apache.org/jira/browse/ATLAS-4801
>
>
> Repository: atlas
>
>
> Description
> -------
>
> GzipSource does not handle an exception that might be raised when parsing a
> malformed gzip buffer. This may lead to denial of service of the Okio client
> when handling a crafted GZIP archive, by using the GzipSource class.
>
> CVSSv3 Score:- 7.5(High)
>
> https://nvd.nist.gov/vuln/detail/CVE-2023-3635
>
>
> Diffs
> -----
>
>   pom.xml f76d0ea04
>
>
> Diff: https://reviews.apache.org/r/74676/diff/1/
>
>
> Testing
> -------
>
> Verified Manually
> PC Build:
> https://ci-builds.apache.org/job/Atlas/job/PreCommit-ATLAS-Build-Test/1485/
> [One test failed which is not related to this change -
> (EntityV2JerseyResourceIT.testSetLabelsByTypeName:986)]
>
>
> Thanks,
>
> Disha Talreja